www: fec7aae4: CVEs acquired
markdoliner at pidgin.im
markdoliner at pidgin.im
Wed Mar 14 14:10:41 EDT 2012
----------------------------------------------------------------------
Revision: fec7aae4561cd3a03493404e82f725527d2ca90d
Parent: 087c13254ef58024563717e6a9deebbf7276f304
Author: markdoliner at pidgin.im
Date: 03/14/12 14:09:55
Branch: im.pidgin.www
URL: http://d.pidgin.im/viewmtn/revision/info/fec7aae4561cd3a03493404e82f725527d2ca90d
Changelog:
CVEs acquired
Changes against parent 087c13254ef58024563717e6a9deebbf7276f304
patched htdocs/news/security/index.php
-------------- next part --------------
============================================================
--- htdocs/news/security/index.php b96760544858e642129addb65f5c109384b97a11
+++ htdocs/news/security/index.php 52acdb75f3fd721e1daa17b98def331a988f234d
@@ -637,7 +637,7 @@ $vulnerabilities = array(
array(
"title" => "XMPP remote crash",
"date" => "2011-07-08",
- "cve" => "",
+ "cve" => "CVE-2011-4939",
"description" => "Certain types of nickname changes in XMPP chat rooms can trigger a NULL pointer dereference in Pidgin, which triggers a crash.",
"fix" => "Check for NULL before trying to use a struct.",
"fixrevisions" => "d1d77da56217f3a083e1d459bef054db9f1d5699",
@@ -647,7 +647,7 @@ $vulnerabilities = array(
array(
"title" => "Possible MSN remote crash",
"date" => "2012-01-17",
- "cve" => "",
+ "cve" => "CVE-2012-1178",
"description" => "In some situations the MSN server sends text that isn't UTF-8 encoded, and Pidgin fails to verify the text's encoding. In some cases this can lead to a crash when attempting to display the text.",
"fix" => "Verify that incoming text is UTF-8, and sanitize if it's not.",
"fixrevisions" => "3053d6a37cc6d8774aba7607b992a4408216adcd,ecabfaee8a1ca02e18ebadbb41cdcce19e78bc2e,b1b8c222ab921963f43e83502b6c6e2e4489a8c4,fdb56683f2b5f88f7b388aaef6c53c810d19e374,f12c9f6a6c31bcd3512f162209285a88a86595ff",
More information about the Commits
mailing list